File::Temp, Directory::Scratch and -T

jk2addict on 2007-12-31T19:59:14

I'm posting this so maybe someone else will learn from my pain. I just spent an hour trying to figure out why Directory::Scratch and File::Temp were creating temp directories in $ENV{TMP} on one test script under Win32, and in the cwd() on another script.

Of course, the answer is that one test has -T, and one does not. With tainting on of course, there is no ENV (TMP/TEMP), so the cwd() is used. It makes sense, but in a way feels like a bug.

At the very least, maybe that should be a big fat warning on the File::Temp pod.


doc patches welcome

jhi on 2007-12-31T21:31:22

If you do it soon enough, it will end up in 5.10.1!

DWIM or RTFM?

dagolden on 2008-01-01T00:57:59

It says pretty clearly that it creates a directory in tmpdir -- and references File::Spec. And File::Spec clearly cites tainting. What's so surprising?

I think you need to ask yourself why you're running tests in taint mode. Are you testing something that specifically involves taint mode? If so, great. If not -- and you're doing it "just because", then you're setting yourself up to be surprised when the computer goes ahead and does exactly what you asked it to do.

I used to see this a lot on Windows where a test file uses taint mode and calls something that eventually invokes a fork -- which causes a segfault on 5.8.8. (E.g. try "perl -Te fork" on 5.8.8 to see it. It seems to be fixed on 5.10.0 thankfully.) I just think that taint mode in test files is a bad idea unless one really needs it.

-- dagolden

Re:DWIM or RTFM?

jk2addict on 2008-01-01T05:22:51

Well, RTFM is a funny thing...the farther away from the module you're using, the less the lack of RTFMing is the user's fault. As a user of Directory::Scratch, should I have to RTFM three to four levels deep to find one mention of tempdir producing two different results when in and out of taint mode?

As far as running tests under taint mode, I do it for one reason only: to sooner find out what doesn't work under taint mode. There is nothing more frustrating than trying to turn on Taint in an Apache/ModPerl instance, just to find out that your module, or even worse, that some core module not only acts differently under taint mode, but usually just plain dies.

Far more things that run under -T will run without -T, but I dare say the reverse isn't as true.
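
An added example, not part of the thread: a Perl sketch that reports where File::Spec->tmpdir points and passes DIR explicitly to File::Temp, so a script can be compared under `perl -T` and plain `perl`. The helper name `trusted_tmp_root` and the accepted path character set are assumptions made for this illustration.

```perl
# Added illustration, not code from the thread.
# Run twice to compare: `perl script.pl` and `perl -T script.pl`.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: return an untainted, validated temp root taken from
# the environment, or nothing if no candidate passes the checks.
sub trusted_tmp_root {
    for my $name (qw(TMPDIR TEMP TMP)) {
        my $raw = $ENV{$name};
        next unless defined $raw && length $raw;

        # Untaint by regex capture: absolute path only, conservative
        # character set (assumption: adjust to your own path policy).
        my ($dir) = $raw =~ m{\A((?:[A-Za-z]:)?[\\/][\w .~\\/-]*)\z} or next;

        # Reject ".." segments, then require an existing writable directory.
        next if $dir =~ m{(?:\A|[\\/])\.\.(?:[\\/]|\z)};
        next unless -d $dir && -w _;
        return $dir;
    }
    return;
}

my $spec_tmp = File::Spec->tmpdir;    # what File::Temp uses when DIR is absent
my $root     = trusted_tmp_root();

printf "taint mode:          %s\n", ${^TAINT} ? "on" : "off";
printf "File::Spec->tmpdir:  %s\n", $spec_tmp;
printf "validated temp root: %s\n", defined $root ? $root : "(none)";

# Passing DIR explicitly keeps the location identical with and without -T,
# instead of depending on whether File::Spec chose to trust %ENV.
my $scratch = tempdir(
    "scratch-XXXXXX",
    DIR     => defined $root ? $root : $spec_tmp,
    CLEANUP => 1,
);
print "scratch dir:         $scratch\n";
```

The regex capture only removes the taint flag; the directory checks that follow are what make the value worth trusting.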